(54) Method and arrangement in an ad hoc communication network



(57) The present invention relates to the requirement of security in an ad hoc network. More particularly it relates to the problem within ad hoc networks of not having on-line connections to a particular server for getting desired public keys or certificates, required to create trust relations.

Within an ad hoc communication network, some of the nodes have a mutual trust relation to each other, thus constituting a trust group. An additional node within the network is a candidate node for joining the trust group. An X-node is identified, being a member of the trust group and having a trust relation with the candidate node. The X-node distributes trust relations between the members of the trust group and the candidate node.




Description 

FIELD OF INVENTION 



[0001] The present invention relates to the field of communication networks and more specifically to an ad hoc communication network and a method for establishing security in an ad hoc network.

DESCRIPTION OF RELATED ART

[0002] The fast growth of open networks with easy access has raised many security problems. Several security solutions for public networks like the Internet have appeared. Security is a problem in all kinds of open networks, both wired and wireless. Information transmitted over the air is extremely vulnerable. Today there exist solutions that are built upon some type of so-called public key infrastructure (PKI). A public key infrastructure is a system used to distribute and check public keys that can be used to authenticate users, exchange session keys, sign information or encrypt information.
[0003] In a PKI system, two corresponding (also called asymmetric) keys are used in connection with protecting information. Information which is encrypted with one of the two keys can be decrypted only with the other key. In some PKI systems either of the two keys can be used to encrypt and the other to decrypt. In other systems, one key must be used only for encryption and the other for decryption. One important feature of PKI systems is that it is computationally infeasible to use knowledge of one of the keys to deduce the other key. In a typical PKI system, each of the systems possesses a set of two such keys. One of the keys is maintained private while the other is freely published. If a sender encrypts a message with the recipient's public key, only the intended recipient can decrypt the message, since only the recipient is in possession of the private key corresponding to the published public key. If the sender, before performing the above encryption, first encrypts the message with the sender's private key, the recipient, upon performing first a decryption using the recipient's private key and then a decryption on the result using the sender's public key, is assured not only of privacy but of authentication, since only the sender could have encrypted a message such that the sender's public key successfully decrypts it. In one digital signature scheme, a one-way hash is first applied to a message and the hash of the message is encrypted with the sender's private key.
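As an added illustration of the hash-then-sign scheme described in [0003] (this is example code written for this page, not part of the patent), the following Python uses textbook RSA with deliberately tiny, constructed parameters (p = 61, q = 53) so that the arithmetic is visible. The digest is reduced modulo n purely so it fits the toy modulus; a real scheme pads the digest and uses keys of thousands of bits.

```python
import hashlib

# Toy RSA key pair, constructed for illustration only: p = 61, q = 53,
# n = 3233, phi(n) = 3120, e = 17, d = 2753 (17 * 2753 = 46801 = 15 * 3120 + 1).
TOY_PUBLIC_KEY = (17, 3233)     # (e, n): freely published
TOY_PRIVATE_KEY = (2753, 3233)  # (d, n): kept private by the sender


def message_digest(message: bytes, n: int) -> int:
    """One-way hash of the message, reduced into the key's modulus (toy only;
    a real scheme pads the digest rather than reducing it)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    """Hash-then-sign: 'encrypt' the digest with the sender's private key."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """'Decrypt' the signature with the public key and compare with a fresh digest.
    Only a signature made with the matching private key passes this check."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo() -> dict:
    """Sign a constructed message, then verify it and a tampered signature."""
    message = b"meeting notes"  # constructed sample input
    signature = sign(message, TOY_PRIVATE_KEY)
    return {
        "signature": signature,
        "genuine": verify(message, signature, TOY_PUBLIC_KEY),
        "tampered": verify(message, (signature + 1) % 3233, TOY_PUBLIC_KEY),
    }
```

Because exponentiation by e is a bijection on the residues modulo n, any change to the signature value makes the recovered digest differ from the freshly computed one, which is what the `tampered` entry of `demo()` shows.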

[0004] A PKI distributes one or several public keys and determines whether a certain public key can be trusted for a certain usage or not. A piece of digitally signed information is often called a certificate. Certificates are the basis upon which PKIs are built.
The degree of confidence that the recipient has in the source of a message depends on the degree of the recipient's confidence that the sender's public key corresponds to a private key that was possessed only by the sender. In many current systems, a number of generally well trusted certification authorities have been established to provide this degree of confidence.
A common certificate format is Standard X.509 (developed by the International Standards Organisation (ISO) and the Comité Consultatif International Télégraphique et Téléphonique (CCITT)). Such a certificate may, e.g., include a public key, the name of the subject who possesses or is associated with the public key, and an expiration date, all of which are digitally signed by a trusted party. The digital signature may be provided e.g. according to the digital signature standard (DSS) (National Institute of Standards and Technology (NIST)). Typically a digital signature involves applying a one-way hash and then encrypting with the private key of, in this case, the certification authority. Such a digital signature is provided using the private key of the trusted party which, in turn, is authenticated using the trusted party's certificate signed by yet another trusted party, so that there may be a multi-level hierarchy of trusted parties.
Another certificate format is Pretty Good Privacy (PGP), developed by P. Zimmermann and described in the Internet Engineering Task Force (IETF) OpenPGP Specification. PGP provides a way to encrypt and decrypt, sign data and exchange keys. Thus it is more than just a PKI. However, the main idea with PGP is that no strict PKI is needed; instead the PGP users themselves create and extend the PKI they need. This is done by certifying other users' public keys, i.e., signing trusted public keys with their own secret key. In this way a "web of trust" is created. A particular key may have several different user IDs. Typically a user ID is an email address. If a revocation signature follows a key, the key is revoked. A user certifies another user's key by signing it with one of the keys of his own which has signing capability. When signing another key, different trust levels can be set, i.e., the amount of confidence the signer has in the signed key and user ID.
[0005] Today, so-called ad hoc networks are used more and more frequently. An ad hoc network is established temporarily for a special purpose. There is no fixed infrastructure; the nodes are the network. The nodes within the network are often mobile and use radio links. An ad hoc network might constitute dynamic wide area connectivity in situations such as military operations, rescue and recovery operations, and remote construction sites. An ad hoc network might also constitute local area connectivity in situations such as temporary conference sites, home networks and robot networks. An ad hoc network might also constitute personal area networks in situations such as interconnected accessories, ad hoc conference tables and games. The nodes might consist of e.g. mobile phones, laptops, television sets or washing machines. In some situations, like in military operations or business conferences, when the communication between the nodes comprises secrets, it is very important that a sender of a message can trust that the receiver really is the intended receiver.
[0006] In the previous examples, bindings between public keys and names or authorisations are described. Several of these certificate solutions exist in different systems. However, it is not yet described how the different certificates needed for different kinds of purposes are obtained. In the case of an ordinary X.509 type of PKI with hierarchical Certificate Authority (CA) structures, finding the right certificate is done using some central on-line server or by direct transmission of the certificate at connection set-up. When using PGP, either the desired public key is stored locally on a machine or the device has to make a connection to a central PGP server in order to find the desired public key. This works if it is possible for entities that need some type of security relation to have on-line connections to some particular servers. This is not the case for ad hoc networks. Ad hoc networks are created on the fly between entities that happen to be at the same physical location.
[0007] Therefore, what is further needed is a mechanism for checking if different nodes in an ad hoc network share a trust relation and for creating trust among a certain set of nodes without any pre-defined relations.
[0008] The problem of how to distribute trust using public keys in ad hoc networks is addressed in this invention. Still, the existing PKIs provide a basis upon which a solution for ad hoc networks can also be built.

SUMMARY OF THE INVENTION 

[0009] The present invention relates to the requirement of security in an ad hoc network. More particularly it relates to the problem within ad hoc networks of not having on-line connections to a particular server for getting desired public keys or certificates, required to create trust relations.

[0010] Accordingly, it is an object of the present invention to solve the above-mentioned problem.
[0011] The aforesaid problem is solved by means of a method for finding possible trust relations between nodes within the ad hoc network and sharing them with other nodes within the ad hoc network.
[0012] The following scenario of establishing security in an ad hoc network describes the inventive concept of the present invention.

[0013] Within an ad hoc communication network, some of the nodes have a mutual trust relation to each other, thus constituting a trust group. A node within the network is a candidate node for joining the trust group. An X-node is identified, being a member of the trust group and having a trust relation with the candidate node. The X-node distributes trust relations between the members of the trust group and the candidate node.
[0014] An advantage of the present invention is that it is possible to achieve the necessary security associations needed for distributing and sharing information among a group of users that happen to be at the same physical location. There are a large number of applications that fit this scenario. Among those can be mentioned people from different companies or organisations that gather in a conference room and share documents with the meeting members.

[0015] Another advantage of the present invention is that the number of manually created trust relations between members in an ad hoc communication network is decreased.

[0016] Further scope of applicability of the present invention will become apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows a scenario where a single node establishes trust with an existing trust group within a communication network,
Figure 2 shows a scenario where trust is established in an ad hoc communication network,
Figure 3 shows a scenario where trust is established in an ad hoc communication network,
Figure 4 shows a scenario where two trust groups within an ad hoc communication network are merged,
Figure 5 shows a scenario where two trust groups within an ad hoc communication network are merged,
Figure 6 shows a scenario where two trust groups within an ad hoc communication network are merged,
Figure 7 shows a scenario where two trust groups within an ad hoc communication network are merged.



DESCRIPTION OF PREFERRED EMBODIMENTS

[0018] The ad hoc communication network according to the invention constitutes e.g. a Bluetooth network. The ad hoc network comprises nodes constituting e.g. laptops and mobile phones, each node comprising a receiver and a computer, the computer comprising a processor and a memory. The nodes are interconnected via communication links.

[0019] Figure 1 shows a possible scenario of the present invention in which a single node 101 is added to an existing trust group 102. The trust group 102 comprises nodes 103-105. All the nodes 103-105 in the trust group 102 have mutual trust relations with each other, the trust relations being created with trusted public keys. Thus each node 103-105 in the trust group 102 has the trusted public keys of all the other nodes 103-105 within the trust group 102. The trusted public keys are e.g. used to sign messages to be sent between trusted nodes. The single node 101 and the trust group constitute an ad hoc communication network 106. According to the invention all nodes 101, 103-105 have authority to delegate trust to other nodes that they trust within the network. The single node 101 would like to join the trust group 102 and the single node is from now on called the candidate node 101.

[0020] Either the candidate node 101 sends a broadcast message to all the nodes 103-105 within the trust group or it unicasts a message to a special look-up server where all the nodes 103-105 can obtain the message. The message comprises the public key that the candidate node 101 wants to use. The message might comprise a set of public keys that the candidate node 101 wants to use and possible certificate/s certifying the public key/s.

[0021] Each node 103-105 within the trust group 102 obtains the public key of the candidate node 101, and checks if it trusts the public key of the candidate node.
[0022] A node 103 within the trust group that trusts the public key of the candidate node 101 is identified, a so-called X-node 103. The X-node

- sends a signed message comprising all the trusted keys of the nodes 103-105 within the trust group 102 to the candidate node 101, and
- signs the public key of the candidate node 101 and sends a message comprising the key together with the signature to all the other nodes 104, 105 within the trust group 102.

[0023] If none of the nodes 103-105 within the trust group 102 trusts the candidate node, a trust relation has to be manually created with an arbitrary node 105 within the trust group 102. This node 105 thus constitutes an X-node. A manual creation of a trust relation between two nodes can be performed in different ways. In one way the two nodes enter their PIN codes and then exchange public keys using an authenticated channel. The manual creation of trust relations results in each node obtaining a trusted public key from the other party.
[0024] After the manual creation of trust, the X-node 105

- sends a signed message comprising all the trusted keys of the nodes 103-105 within the trust group 102 to the candidate node 101, and
- signs the public key of the candidate node 101 and sends a message comprising the key together with the signature to all the other nodes 103, 104 within the trust group 102.

[0025] Figure 2 shows another scenario of the present invention. In this scenario an ad hoc communication network 201 is formed. The trust groups 202, 203, 204 and 205 within the ad hoc network are used to create additional trust relations within the network. The trust relations are created with signed public keys. The ad hoc network comprises nodes A-M. In this embodiment, each of the nodes A-M constitutes a node being a candidate for joining a secure ad hoc network, i.e., a trust group wherein all nodes A-M have mutual trust relations.
[0026] The nodes A, B, C, D and E have mutual trust relations and constitute a trust group 202.
The nodes D, E, G, J and K have mutual trust relations and constitute a trust group 203.
The nodes A, E, F and I have mutual trust relations and constitute a trust group 204.
The nodes H and M have mutual trust relations and constitute a trust group 205. The node L has no trust relations to any of the other nodes within the network.
[0027] As shown in figure 2, the node E belongs to three trust groups 202, 203 and 204. The nodes D and E belong to two trust groups, 202 and 203. The nodes A and E belong to two trust groups, 202 and 204.
[0028] According to the invention all nodes A-M have authority to delegate trust to other nodes that they trust within the network 201.

[0029] Each node A-M within the ad hoc network 201 sends a broadcast message to all the nodes A-M within the ad hoc network 201 or a unicast message to a special look-up server where all the nodes A-M can obtain the message. The message comprises the public key that the candidate node A-M wants to use. The message might comprise a set of public keys that the candidate node wants to use and possible certificate/s certifying the public key/s.

[0030] Each of the nodes A-M obtains the public keys of all the other nodes A-M, whether they are trusted or untrusted. Each node A-M then creates a list of its trusted nodes and their corresponding keys. E.g. node A, which belongs to trust group 202, trusts the nodes B, C, D and E.

[0031] In this scenario, one node A is decided to act as a server node A. Each of the nodes B-M sends a registration message to the server node A comprising its public key and the list of its trusted nodes and their corresponding public keys.

[0032] Using the obtained information the server node A identifies all the nodes A-M and the trust groups 202-205 within the ad hoc network.
[0033] Server node A might find that some nodes or some trust groups are isolated, i.e. neither having a trust relation with the server node A nor having a trust relation with any of the nodes that A has a trust relation with. In this embodiment that goes for node L and trust group 205 comprising the nodes H and M.

[0034] In that case server node A asks the node L to manually create a trust relation with the server node A. Server node A further asks one node H in that trust group 205 to manually create a trust relation with the server node A. This results in two more trust groups and is illustrated in figure 3. The nodes A and L constitute trust group 301 and the nodes A and H constitute trust group 302.

[0035] The server node A classifies all the nodes within the ad hoc network as being nodes that the server node A trusts, nodes B, C, D, E, F, I, H and L, i.e. server-trusted nodes, or as being nodes that server node A does not trust, nodes G, J, K and M, i.e. server-untrusted nodes. The server node A then makes a list comprising the server-untrusted nodes, the so-called untrust-list.
[0036] A server-trusted node trusting a server-untrusted node constitutes a so-called Y-node. The server node A identifies as many Y-nodes as required for distributing trust relations to all or as many as possible of the server-untrusted nodes, i.e. server node A identifies node D, having trust relations with nodes G, K and J, and node H, having a trust relation with node M. Thus node D and node H can distribute trust relations between all the server-untrusted nodes and server node A according to the following process:
[0037] The server node A sends a message to the identified Y-nodes, the message comprising

- the untrust-list comprising the nodes G, J, K and M and their corresponding public keys, and
- a request for distributing as many trust relations as possible between server node A and the server-untrusted nodes.

[0038] A Y-node obtains the message and checks which of the keys it trusts, i.e. which of the server-untrusted nodes G, J, K and M the Y-node trusts.
[0039] The identified Y-nodes then each perform the following steps 1-3 for each of the nodes that the respective Y-node trusts. In this case the Y-node D performs the steps for each of the nodes G, J and K and Y-node H performs the steps for node M.

1. The Y-node signs the public key of server node A and sends it to the node that the Y-node trusts, e.g. node D signs server node A's key and sends it to node G.

2. The Y-node signs the public key of the node that the Y-node trusts and sends it to server node A, e.g. node D signs node G's key and sends it to server node A.

3. Server node A reclassifies the node that the Y-node trusts, and that the server node A now trusts, as now being a server-trusted node, and the untrust-list is reduced by said node, e.g. server node A reclassifies node G as being a server-trusted node and the untrust-list is reduced to J, K and M.

[0040] The distribution of trust relations is now completed and the untrust-list is empty. Server node A has collected signed public keys from all nodes B-M within the ad hoc network 201 and sends a message to all nodes B-M comprising server node A's collected signed public keys from all the nodes B-M within the ad hoc network.

[0041] The nodes A-M within the ad hoc communication network 201 now have mutual trust relations and a secure ad hoc network is established.
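The server-node procedure of [0029]-[0041], of which the single-candidate case in [0019]-[0024] is the special instance with one X-node, as an added Python simulation. This is example code written for this page, not the patent's own implementation. Trust relations are modelled as each node's list of trusted nodes, and a signed public key is accepted only if the receiver already trusts the signer, which is the check every step of the description relies on. The topology (groups 202-205, isolated node L, server node A) is constructed from the description; the signing arithmetic itself is abstracted away, and all function names are this example's own.

```python
# Constructed example topology taken from the description: trust groups 202-205
# among nodes A-M, node L having no trust relation, node A acting as server node.
TRUST_GROUPS = [
    {"A", "B", "C", "D", "E"},  # trust group 202
    {"D", "E", "G", "J", "K"},  # trust group 203
    {"A", "E", "F", "I"},       # trust group 204
    {"H", "M"},                 # trust group 205
]
ALL_NODES = set("ABCDEFGHIJKLM")


def build_trust(groups, nodes):
    """Each node's list of trusted nodes: every other member of each group it belongs to."""
    trusted = {n: set() for n in nodes}
    for group in groups:
        for n in group:
            trusted[n] |= group - {n}
    return trusted


def accept_signed_key(trusted, receiver, signer, subject):
    """A node accepts a public key only if the node that signed it is already trusted."""
    if signer not in trusted[receiver]:
        return False
    trusted[receiver].add(subject)
    return True


def manual_pairing(trusted, a, b):
    """Out-of-band trust creation (e.g. PIN entry over an authenticated channel):
    both sides obtain each other's key directly, no third-party signature involved."""
    trusted[a].add(b)
    trusted[b].add(a)


def find_isolated(trusted, server):
    """Nodes that neither the server trusts nor any server-trusted node trusts."""
    reachable = {server} | trusted[server]
    for n in list(trusted[server]):
        reachable |= trusted[n]
    return set(trusted) - reachable


def establish_secure_network(groups, nodes, server):
    """Run the server-node procedure; returns the final trust lists, the nodes that
    had to pair manually with the server, and the remaining untrust-list."""
    trusted = build_trust(groups, nodes)
    pairings = []
    # Isolated nodes or groups: one node of each pairs manually with the server.
    for n in sorted(find_isolated(trusted, server)):
        if n in find_isolated(trusted, server):  # still isolated after earlier pairings?
            manual_pairing(trusted, server, n)
            pairings.append(n)
    # Classification: everything the server does not trust goes on the untrust-list.
    untrust = set(nodes) - trusted[server] - {server}
    while untrust:
        # Y-nodes: server-trusted nodes that trust at least one server-untrusted node.
        y_nodes = [y for y in sorted(trusted[server]) if trusted[y] & untrust]
        if not y_nodes:
            break  # nobody left who can vouch for the remaining nodes
        for y in y_nodes:
            for target in sorted(trusted[y] & untrust):
                # 1. Y signs the server's key and sends it to the node it trusts.
                accept_signed_key(trusted, target, y, server)
                # 2. Y signs that node's key and sends it to the server.
                accept_signed_key(trusted, server, y, target)
                # 3. The server reclassifies the node and shrinks the untrust-list.
                untrust.discard(target)
    # Finally the server sends every signed key it collected to all other nodes,
    # each of which accepts them because it now trusts the server.
    for n in set(nodes) - {server}:
        for subject in trusted[server] - {n}:
            accept_signed_key(trusted, n, server, subject)
    return trusted, pairings, untrust


def is_fully_trusted(trusted):
    """True when every node trusts every other node, i.e. one trust group remains."""
    return all(trusted[n] == set(trusted) - {n} for n in trusted)
```

Running `establish_secure_network(TRUST_GROUPS, ALL_NODES, "A")` reproduces the description: H and L are the two manual pairings (trust groups 301 and 302), D vouches for G, J and K, H vouches for M, and the untrust-list ends empty. The loop generalises the description's single pass: it keeps looking for new Y-nodes as the server's trusted set grows, and stops only when either the untrust-list is empty or no remaining node has any trusted neighbour that can sign for it, the latter being the point at which another manual pairing would be required.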

[0042] Figure 4 shows yet another scenario of the present invention. In this scenario an ad hoc network 401 comprises two trust groups 402 and 403 which shall be merged into one trust group constituting a secure ad hoc network. The first trust group 402 comprises a set of nodes, N, O, P, Q and R, all having mutual trust relations. The second trust group 403 comprises a set of nodes, S, T, U, V and W, all having mutual trust relations and which all are candidate nodes for joining the first trust group 402. The trust relations are created with trusted public keys. A node P is decided to act as a server node P within the first trust group 402 and a candidate node S is decided to act as a server node S within the second trust group. According to the invention, the nodes N-W are authorised to delegate trust relations to other nodes within the network that they trust.

[0043] Server node S sends a message, comprising a list of all candidate nodes S, T, U, V and W within the second trust group 403 and their corresponding public keys, to server node P. First server node P checks if it trusts any of the obtained keys, i.e. if it has trust relations to any of the candidate nodes S, T, U, V and W. First server node P then classifies the candidate nodes as being first server-trusted nodes or as being first server-untrusted nodes, in this case P-trusted or P-untrusted.

[0044] If the classification results in at least one first server-trusted node, a scenario comes up as illustrated in figure 5. In this scenario first server node P has a trust relation to the node W and first server node P sends a message to second server node S. The message comprises

- a list of all nodes N, O, P, Q and R within the first trust group 402 and their corresponding public keys, and
- a list of first server-trusted nodes, which in this case is the P-trusted node W, and its corresponding public key.

[0045] Second server node S obtains the message, signs it and forwards it to node W.

[0046] Node W receives the signed message and checks the signature of the message. If node W trusts the signature, node W

- signs the received public keys of the nodes N, O, P, Q and R within the first trust group 402,
- sends a signed message comprising the signed public keys of the nodes N, O, P, Q and R within the first trust group 402 to all candidate nodes S, T, U and V within the second network,
- sends a signed message comprising all trusted public keys of the candidate nodes S, T, U, V and W to first server node P.

[0047] First server node P receives the message and checks the signature of the message. If it is valid, first server node P signs the public keys of the candidate nodes S, T, U, V and W within the second trust group 403 and sends them in a signed message to all nodes N, O, Q and R.

[0048] The nodes N-W within the ad hoc network 102 now have mutual trust relations and a secure ad hoc communication network is established.
[0049] In another scenario, shown in figure 6, the classification results in no first server-trusted node, i.e. no P-trusted node. This means that first server node P has no trust relation with any of the candidate nodes S, T, U, V and W. Server node P then asks the other nodes N, O, Q and R within the first trust group 402, one by one, whether they have a trust relation with any of the candidate nodes S, T, U, V and W within the second trust group 403, until server node P obtains a positive answer to the question.

[0050] In this case, node N has no such trust relation, so the query is forwarded to node O, which has no such trust relation either. The query is forwarded to node Q, which has a trust relation with node V in the second trust group, and now the procedure of distributing trust can start.

[0051] Node Q sends a signed message to second server node S. The message comprises:

- a list of all nodes N, O, P, Q and R within the first trust group 402 and their corresponding public keys,
- a list of the nodes that node Q trusts, which in this case is the node V, and its corresponding public key.

[0052] Second server node S obtains the message and forwards it to node V.

[0053] Node V receives the signed message and checks the signature of the message. If node V trusts the signature, it signs the received public keys of the nodes N, O, P, Q and R within the first trust group 402. Node V then sends a signed message comprising the signed public keys of the nodes N, O, P, Q and R within the first trust group 402 to all candidate nodes S, T, U and W within the second network. Node V sends a signed message comprising all trusted public keys of the candidate nodes S, T, U, V and W to node Q.
[0054] Node Q receives the message and checks the signature of the message. If it is valid, node Q signs the public keys of the candidate nodes S, T, U, V and W within the second trust group 403 and sends the keys in a signed message to the other nodes N, O, P and R within the first trust group 402.

[0055] The nodes N-W within the ad hoc network 102 now have mutual trust relations and a secure ad hoc communication network is established.
[0056] In yet another scenario, none of the nodes N, O, P, Q and R within the first trust group 402 have a trust relation with any of the candidate nodes S, T, U, V and W within the second trust group 403. In this case a message is returned to first server node P asking node P to manually create a trust relation with the second server node S. This scenario is illustrated in figure 7. First server node P and second server node S now constitute a trust group 701.

[0057] First server node P sends a message to second server node S. The message comprises a list of all nodes N, O, P, Q and R within the first trust group 402 and their corresponding public keys.

[0058] Second server node S

- signs the received public keys of the nodes N, O, P, Q and R within the first trust group 402,
- sends a signed message comprising the signed public keys of the nodes N, O, P, Q and R within the first trust group 402 to all candidate nodes S, T, U and V within the second network,
- sends a signed message comprising all trusted public keys of the candidate nodes S, T, U, V and W to first server node P.

[0059] First server node P receives the message and checks the signature of the message. If it is valid, first server node P signs the public keys of the candidate nodes S, T, U, V and W within the second trust group 403 and sends them in a signed message to all nodes N, O, Q and R.

[0060] The nodes N-W within the ad hoc communication network 102 now have mutual trust relations and a secure ad hoc network is established.
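The merging of two trust groups in [0042]-[0060] as an added Python simulation (example code written for this page, not the patent's own implementation), covering all three outcomes: the server node P already trusts a candidate (figure 5), another first-group node is found by asking one by one (figure 6), or no relation exists and the two server nodes pair manually (figure 7). The node names and groups are the description's; the trust model, the helper names and the rule that a node accepts a signed key only from a signer it already trusts are assumptions of this example.

```python
# Constructed example: the two trust groups 402 and 403 from the description.
FIRST_GROUP = {"N", "O", "P", "Q", "R"}   # server node P
SECOND_GROUP = {"S", "T", "U", "V", "W"}  # server node S, all of them candidates


def build_trust(groups):
    """Each node trusts every other member of every group it belongs to."""
    trusted = {n: set() for g in groups for n in g}
    for g in groups:
        for n in g:
            trusted[n] |= g - {n}
    return trusted


def accept_signed_key(trusted, receiver, signer, subject):
    """A public key is accepted only if its signer is already trusted by the receiver."""
    if signer not in trusted[receiver]:
        return False
    trusted[receiver].add(subject)
    return True


def find_bridge(trusted, first, candidates, server_p):
    """Return (first-group node, candidate) sharing a trust relation, or None.
    The server node checks itself first, then asks the other members one by one."""
    for n in [server_p] + sorted(first - {server_p}):
        hits = trusted[n] & candidates
        if hits:
            return n, sorted(hits)[0]
    return None


def merge_trust_groups(trusted, first, second, server_p, server_s):
    """Merge the candidate group into the first group; returns the bridge used and
    whether the two server nodes had to create a trust relation manually."""
    bridge = find_bridge(trusted, first, second, server_p)
    manual = False
    if bridge is None:
        # No trust relation between the groups at all: the two server nodes pair
        # manually (authenticated channel), forming the extra trust group 701.
        trusted[server_p].add(server_s)
        trusted[server_s].add(server_p)
        bridge = (server_p, server_s)
        manual = True
    bridging_node, partner = bridge
    # The bridging node signs the first group's keys; the second server forwards the
    # message and the partner verifies it against the bridging node's key it trusts.
    for subject in first:
        accept_signed_key(trusted, partner, bridging_node, subject)
    # The partner re-signs the first group's keys for the other candidates (which
    # trust it) and returns the candidates' keys, signed, to the bridging node.
    for c in second - {partner}:
        for subject in first:
            accept_signed_key(trusted, c, partner, subject)
    for subject in second:
        accept_signed_key(trusted, bridging_node, partner, subject)
    # The bridging node signs the candidates' keys for the rest of the first group.
    for n in first - {bridging_node}:
        for subject in second:
            accept_signed_key(trusted, n, bridging_node, subject)
    return bridge, manual


def is_fully_trusted(trusted):
    """True when every node trusts every other node, i.e. a single trust group remains."""
    return all(trusted[n] == set(trusted) - {n} for n in trusted)
```

Each scenario is selected by the extra pairwise relation passed to `build_trust`: adding `{"P", "W"}` gives the figure 5 path, adding `{"Q", "V"}` gives the figure 6 path with N and O answering no before Q, and adding nothing gives the figure 7 path. In all three cases the result is a single trust group, and every key movement goes through `accept_signed_key`, so a key signed by a node the receiver does not trust is silently dropped rather than adopted.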



Claims

1. Method for establishing security in an ad hoc communication network (106), the ad hoc network (106) comprising a set of communication nodes (101, 103-105) whereof at least two of the nodes (103-105) have a mutual trust relation and thus constitute a trust group (102), the trust relations being created with public keys, and at least one additional node (101) being a candidate for joining the trust group (102) within the ad hoc network (106), characterised by the nodes having authority to delegate trust to nodes they trust, the method comprising the steps of

a) identifying a node (103) within the trust group having a trust relation with the candidate node (101), a so-called X-node (103);

b) distributing trust relations between all the members in the trust group (102) and the candidate node (101) by means of the X-node (103).

2. The method of claim 1, characterised by comprising the further step, to be taken before step a), of the candidate node (101) sending a message, comprising its public key, to all nodes (103-105) within the network.

3. The method of any of the previous claims, characterised in that the ad hoc network (106) comprises a single trust group (102) and a single candidate node (101), wherein step b) implies that the X-node (103) sends a signed message, comprising a list of the nodes (104, 105) that the X-node (103) trusts within the ad hoc network (106) and all their corresponding public keys, to the candidate node (101).

4. The method according to any of the previous claims, characterised in that step b) further implies that the X-node (103) signs the candidate node's (101) public key.

5. The method according to the previous claim, characterised in that step b) further implies that the X-node (103) sends a message, comprising the candidate node's (101) signed public key, to the nodes (104-105) within the trust group (102).

6. The method according to claim 2, characterised in that the ad hoc network (201) comprises a set of nodes (A-M) comprising several trust groups (202-205), all nodes (A-M) being candidates for joining all trust groups within the ad hoc network that they are not already a member of, the method comprising the further step, to be taken by each node (A-M) after receiving the messages from all candidate nodes (A-M), of creating a list of the candidate nodes that the particular node trusts and their corresponding public keys.

7. The method according to the previous claim, characterised by further comprising the step of deciding one node (A) within the ad hoc network (201) to act as a server node (A).

8. The method according to any of the claims 6-7, characterised by further comprising the step of the server node (A) receiving from each other node (B-M) within the network a message comprising its respective public key and the respective list of the candidate nodes that the respective node trusts and their corresponding public keys.

9. The method according to the previous claim, characterised by further comprising the step of the server node (A) classifying the at least one candidate node as being a server-trusted node (B, C, D, E, F and I) or as being a server-untrusted node (G, H, J, K, L and M), depending on whether the server node (A) trusts it or not.

10. The method according to the previous claim, where- 
in a server-trusted node trusting a server-untrusted 
node constitutes a so-called Y-node, character- 
ised in that the step a) implies that the server node 
(A) identifies at least one Y-node required for dis- 
tributing trust relations between the server node (A) 
and as many server-untrusted nodes as possible. 

11. The method according to the previous claim, char- 
acterised in step b) further implying that the server 
node (A) sends a request to the identified Y-nodes 
(D, H) of distributing said trust relations between 
the server node (A) and the server-untrusted nodes. 

12. The method according to the previous claim, char- 
acterised in step b) further implying that the server 
node (A) obtains said requested trust relations. 

13. The method according to the previous claim, char- 
acterised in the step of obtaining the trust relations 
comprising that, for each server-untrusted node that 
the Y-node has a trust relation with, the Y-node 
signs the public key of the server node (A) and for- 
wards it to the server-untrusted node. 

14. The method according to any of the claims 12-13, 
characterised in the step of obtaining the trust re- 
lations comprising that, for each server-untrusted 
node that the Y-node has a trust relation with, the 
Y-node signs the public key of the server-untrusted 
node and forwards it to the server node (A). 

15. The method according to any of the claims 12-14, 
characterised by comprising the further step of, the 
server node (A), after obtaining said trust relation, 
reclassifying the server-untrusted node with the ob- 
tained trust relation as being a server-trusted node. 

16. The method according to any of the claims 12-15, 
characterised by comprising the further step of, the 
server node (A) sending a signed message com- 
prising all of the server node's (A) trusted public 
keys belonging to trusted candidate nodes within 
the ad hoc network (201). 
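The procedure of claims 9 to 15, together with the X-node signing of claims 4 and 5 (the same signed-public-key endorsement, carried to a recipient by a node the recipient already trusts), as an added worked example. This is illustration added to this page, not code from the patent or its applicant. It assumes Ed25519 from Go's standard library as the public-key scheme (the claims fix none), an endorsement message format of `name\0key`, and a constructed network in which A is the server node, B and C are server-trusted, G and J are known only to B and C respectively, and K is known to no server-trusted node; the names `Node`, `Endorsement`, `Pair`, `Endorse`, `Accept` and `DistributeTrust` are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
)

// Node is one participant; keys are Ed25519 (assumed scheme, the claims fix none).
// Trusted is its list of trusted nodes and their public keys (claim 6).
type Node struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Trusted map[string]ed25519.PublicKey
}

// Endorsement is one node's signature over another node's public key (claims 4, 13, 14).
type Endorsement struct {
	Signer, Subject string
	Key             ed25519.PublicKey
	Sig             []byte
}

func NewNode(name string) *Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Node{Name: name, Pub: pub, priv: priv, Trusted: map[string]ed25519.PublicKey{name: pub}}
}

// Pair models a pre-existing mutual trust relation (keys exchanged out of band).
func Pair(a, b *Node) {
	a.Trusted[b.Name] = b.Pub
	b.Trusted[a.Name] = a.Pub
}

// endorseMsg binds the subject's name to its key (assumed "name\x00key" format).
func endorseMsg(subject string, key ed25519.PublicKey) []byte {
	return append([]byte(subject+"\x00"), key...)
}

// Endorse signs a key the signer already trusts; ok is false for a stranger.
func (n *Node) Endorse(subject string) (Endorsement, bool) {
	key, ok := n.Trusted[subject]
	if !ok {
		return Endorsement{}, false
	}
	return Endorsement{n.Name, subject, key, ed25519.Sign(n.priv, endorseMsg(subject, key))}, true
}

// Accept installs e.Subject's key only if n already trusts e.Signer and the signature verifies.
func (n *Node) Accept(e Endorsement) bool {
	signerKey, ok := n.Trusted[e.Signer]
	if !ok || !ed25519.Verify(signerKey, endorseMsg(e.Subject, e.Key), e.Sig) {
		return false
	}
	n.Trusted[e.Subject] = e.Key
	return true
}

// DistributeTrust runs one round of claims 9-15 with server as node A: nodes missing
// from server.Trusted are server-untrusted, a server-trusted node that trusts one of
// them is a Y-node, and each Y-node carries keys in both directions. Returns the Y-nodes used.
func DistributeTrust(server *Node, all map[string]*Node) []string {
	var names, ycands, ynodes []string
	for name := range all {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic order
	for _, name := range names {
		if _, ok := server.Trusted[name]; ok && name != server.Name {
			ycands = append(ycands, name) // server-trusted before this round
		}
	}
	for _, yName := range ycands {
		y, used := all[yName], false
		for _, uName := range names {
			if _, ok := server.Trusted[uName]; ok {
				continue // not server-untrusted (or already reclassified)
			}
			toU, ok1 := y.Endorse(server.Name) // claim 13: server's key, for uName
			toS, ok2 := y.Endorse(uName)       // claim 14: uName's key, for server
			if ok1 && ok2 && all[uName].Accept(toU) && server.Accept(toS) {
				used = true // claim 15: server reclassifies uName as trusted
			}
		}
		if used {
			ynodes = append(ynodes, yName)
		}
	}
	return ynodes
}

func main() {
	a, b, g := NewNode("A"), NewNode("B"), NewNode("G")
	Pair(a, b)
	Pair(b, g)
	fmt.Println("Y-nodes:", DistributeTrust(a, map[string]*Node{"A": a, "B": b, "G": g}), "A trusts G:", a.Trusted["G"] != nil)
}
```

The security-relevant check is in `Accept`: a node installs a key only when the endorsement is signed by a node already in its own trusted list, so an endorsement from a stranger, a tampered subject name, or a node such as K that no server-trusted node vouches for never enters the list. The name is bound into the signed bytes so that a signature over one node's key cannot be presented as an endorsement of a different name. One round is run per call, matching the single identification of Y-nodes in claim 10; a node reclassified in this round can act as a Y-node only in a later call.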

17. An ad hoc communication network (106) compris- 
ing a set of communication nodes (101, 103-105) 
whereof 

the nodes (101, 103-105) each comprising a re- 
ceiver and a computer, the computer compris- 
ing a processor and a memory, 
the nodes (101, 103-105) being interconnected 
with communication links, 
at least two of the nodes (103-105) are having 
a mutual trust relation and thus constituting a 
trust group (102), the trust relations being cre- 
ated with public keys, and 
at least one additional node (101) being a can- 
didate for joining at least one trust group (102) 
within the ad hoc network, 

characterised by 

the candidate node (101) having means for re- 
questing if any of the nodes within the trust 
group (102) have a trust relation with the can- 
didate node (101), 

the nodes being authorised to, and having 
means for, distributing trust relations between 
their trust group (102) and the candidate node 
(101) that they trust. 

18. The ad hoc communication network (201) accord- 
ing to the previous claim, characterised by each 
node (A-M) having means for creating a list of the 
candidate nodes that the node trusts and their cor- 
responding public keys, to be stored in the memory. 

19. The ad hoc communication network according to 
any of the claims 17-18, characterised in that one 
node (A) within the ad hoc network (201) being a 
server node (A), capable of administrating the dis- 
tribution of trust relations. 

20. The ad hoc communication network (201) accord- 
ing to the previous claim, characterised by the 
server node (A) having means for classifying the at 
least one candidate node as being a server-trusted 
node (B, C, D, E, F and I), or as being a server- 
untrusted node (G, H, J, K, L and M), depending on 
whether the server node (A) trusts the candidate 
node or not. 

21. The ad hoc communication network (201) accord- 
ing to the previous claim, wherein a server-trusted 
node trusting a server-untrusted node constitutes a 
so-called Y-node, characterised by the server node 
(A) having means for identifying at least one Y-node 
(D, H) required for distributing trust relations be- 
tween the server node (A) and the server-untrusted 
nodes. 

22. The ad hoc communication network (201) accord- 
ing to the previous claim, characterised by the serv- 
er node (A) having means for sending to each of the 
identified Y-nodes (D, H), 

a request as to which of the server-untrusted 
nodes (G, H, J and M) the Y-node (D, H) has a 
trust relation with, and 

a request for distributing trust relations be- 
tween the server node (A) and the requested 
server-untrusted nodes. 

23. The ad hoc communication network according to 
any of the claims 20-22, characterised by the serv- 
er node (A) having means for distributing obtained 
trust relations to the nodes within the ad hoc com- 
munication network (201). 

24. A computer program product directly loadable into 
the internal memory of a digital computer within a 
node being a member of an ad hoc communication 
network, comprising software code portions for per- 
forming the steps of any of the claims 1-16 when 
said product is run on a computer. 

25. A computer program product stored on a computer 
usable medium, comprising a readable program for 
causing a computer, within a node being a member 
of an ad hoc communication network, to control an 
execution of the steps of any of the claims 1-16. 